stateless-systems-paypal 2.1.3

data/lib/notification.rb

@@ -0,0 +1,271 @@
+require 'net/http'
+
+module Paypal
+  # Parser and handler for incoming Instant payment notifications from paypal. 
+  # The Example shows a typical handler in a rails application. Note that this
+  # is an example, please read the Paypal API documentation for all the details
+  # on creating a safe payment controller.
+  #
+  # Example
+  #  
+  #   class BackendController < ApplicationController
+  #   
+  #     def paypal_ipn
+  #       notify = Paypal::Notification.new(request.raw_post)
+  #   
+  #       order = Order.find(notify.item_id)
+  #     
+  #       if notify.acknowledge 
+  #         begin
+  #           
+  #           if notify.complete? and order.total == notify.amount and notify.business == 'sales@myshop.com'
+  #             order.status = 'success' 
+  #             
+  #             shop.ship(order)
+  #           else
+  #             logger.error("Failed to verify Paypal's notification, please investigate")
+  #           end
+  #   
+  #         rescue => e
+  #           order.status        = 'failed'      
+  #           raise
+  #         ensure
+  #           order.save
+  #         end
+  #       end
+  #   
+  #       render :nothing
+  #     end
+  #   end
+  class Notification
+    attr_accessor :params
+    attr_accessor :raw
+
+    # Overwrite this url. It points to the Paypal sandbox by default.
+    # Please note that the Paypal technical overview (doc directory)
+    # speaks of a https:// address for production use. In my tests 
+    # this https address does not in fact work. 
+    # 
+    # Example: 
+    #   Paypal::Notification.ipn_url = http://www.paypal.com/cgi-bin/webscr
+    #
+    cattr_accessor :ipn_url
+    @@ipn_url = 'https://www.sandbox.paypal.com/cgi-bin/webscr'
+    
+
+    # Overwrite this certificate. It contains the Paypal sandbox certificate by default.
+    #
+    # Example:
+    #   Paypal::Notification.paypal_cert = File::read("paypal_cert.pem")
+    cattr_accessor :paypal_cert
+    @@paypal_cert = """
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAwqgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMRUwEwYDVQQK
+EwxQYXlQYWwsIEluYy4xFjAUBgNVBAsUDXNhbmRib3hfY2VydHMxFDASBgNVBAMU
+C3NhbmRib3hfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMB4XDTA0
+MDQxOTA3MDI1NFoXDTM1MDQxOTA3MDI1NFowgZgxCzAJBgNVBAYTAlVTMRMwEQYD
+VQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9zZTEVMBMGA1UEChMMUGF5
+UGFsLCBJbmMuMRYwFAYDVQQLFA1zYW5kYm94X2NlcnRzMRQwEgYDVQQDFAtzYW5k
+Ym94X2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbTCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEAt5bjv/0N0qN3TiBL+1+L/EjpO1jeqPaJC1fDi+cC
+6t6tTbQ55Od4poT8xjSzNH5S48iHdZh0C7EqfE1MPCc2coJqCSpDqxmOrO+9QXsj
+HWAnx6sb6foHHpsPm7WgQyUmDsNwTWT3OGR398ERmBzzcoL5owf3zBSpRP0NlTWo
+nPMCAwEAAaOB+DCB9TAdBgNVHQ4EFgQUgy4i2asqiC1rp5Ms81Dx8nfVqdIwgcUG
+A1UdIwSBvTCBuoAUgy4i2asqiC1rp5Ms81Dx8nfVqdKhgZ6kgZswgZgxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9zZTEV
+MBMGA1UEChMMUGF5UGFsLCBJbmMuMRYwFAYDVQQLFA1zYW5kYm94X2NlcnRzMRQw
+EgYDVQQDFAtzYW5kYm94X2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNv
+bYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAFc288DYGX+GX2+W
+P/dwdXwficf+rlG+0V9GBPJZYKZJQ069W/ZRkUuWFQ+Opd2yhPpneGezmw3aU222
+CGrdKhOrBJRRcpoO3FjHHmXWkqgbQqDWdG7S+/l8n1QfDPp+jpULOrcnGEUY41Im
+jZJTylbJQ1b5PBBjGiP0PpK48cdF
+-----END CERTIFICATE-----
+"""
+
+    # Creates a new paypal object. Pass the raw html you got from paypal in. 
+    # In a rails application this looks something like this
+    # 
+    #   def paypal_ipn
+    #     paypal = Paypal::Notification.new(request.raw_post)
+    #     ...
+    #   end
+    def initialize(post)
+      empty!
+      parse(post)
+    end
+
+    # Was the transaction complete?
+    def complete?
+      status == "Completed"
+    end
+
+    def failed?
+      status == "Failed"
+    end
+    
+    def denied?
+      status == "Denied"
+    end
+
+    # When was this payment received by the client. 
+    # sometimes it can happen that we get the notification much later. 
+    # One possible scenario is that our web application was down. In this case paypal tries several 
+    # times an hour to inform us about the notification
+    def received_at
+      Time.parse params['payment_date']
+    end
+
+    # Whats the status of this transaction?
+    def status
+      params['payment_status']
+    end
+
+    # Id of this transaction (paypal number)
+    def transaction_id
+      params['txn_id']
+    end
+
+    # What type of transaction are we dealing with? 
+    #  "cart" "send_money" "web_accept" are possible here. 
+    def type
+      params['txn_type']
+    end
+
+    # the money amount we received in X.2 decimal.
+    def gross
+      params['mc_gross']
+    end
+
+    # the markup paypal charges for the transaction
+    def fee
+      params['mc_fee']
+    end
+
+    # What currency have we been dealing with
+    def currency
+      params['mc_currency']
+    end
+  
+    # This is the item number which we submitted to paypal 
+    def item_id
+      params['item_number']
+    end
+
+    # This is the email address associated to the paypal account that recieved
+    # the payment.
+    def business
+      params['business']
+    end
+
+    # This is the item_name which you passed to paypal
+    def item_name
+      params['item_name']
+    end
+
+    # This is the invocie which you passed to paypal 
+    def invoice
+      params['invoice']
+    end   
+    
+    # This is the invocie which you passed to paypal 
+    def test?
+      params['test_ipn'] == '1'
+    end
+
+    # This is the custom field which you passed to paypal 
+    def custom
+      params['custom']
+    end
+    
+    # Reason for pending status, nil if status is not pending. 
+    def pending_reason
+      params['pending_reason']
+    end
+    
+    # Reason for reversed status, nil if status is not reversed. 
+    def reason_code
+      params['reason_code']
+    end
+    
+    # Memo entered by customer if any
+    def memo
+      params['memo']
+    end
+      
+    # Well, the payment type.
+    def payment_type
+      params['payment_type']
+    end
+    
+    # The exchange rate used if there was a conversion.
+    def exchange_rate
+      params['exchange_rate']
+    end
+    
+    def gross_cents
+      (gross.to_f * 100.0).round
+    end
+
+    # This combines the gross and currency and returns a proper Money object. 
+    # this requires the money library located at http://dist.leetsoft.com/api/money
+    def amount
+      return Money.new(gross_cents, currency) rescue ArgumentError
+      return Money.new(gross_cents) # maybe you have an own money object which doesn't take a currency?
+    end
+    
+    # reset the notification. 
+    def empty!
+      @params  = Hash.new
+      @raw     = ""      
+    end
+
+    # Acknowledge the transaction to paypal. This method has to be called after a new 
+    # ipn arrives. Paypal will verify that all the information we received are correct and will return a 
+    # ok or a fail. 
+    # 
+    # Example:
+    # 
+    #   def paypal_ipn
+    #     notify = PaypalNotification.new(request.raw_post)
+    #
+    #     if notify.acknowledge 
+    #       ... process order ... if notify.complete?
+    #     else
+    #       ... log possible hacking attempt ...
+    #     end
+    def acknowledge      
+      payload =  raw
+      
+      uri = URI.parse(self.class.ipn_url)
+      request_path = "#{uri.path}?cmd=_notify-validate"
+      
+      request = Net::HTTP::Post.new(request_path)
+      request['Content-Length'] = "#{payload.size}"
+      request['User-Agent']     = "paypal-ruby -- http://rubyforge.org/projects/paypal/"
+
+      http = Net::HTTP.new(uri.host, uri.port)
+
+      http.verify_mode    = OpenSSL::SSL::VERIFY_NONE unless @ssl_strict
+      http.use_ssl        = true
+
+      request = http.request(request, payload)
+        
+      raise StandardError.new("Faulty paypal result: #{request.body}") unless ["VERIFIED", "INVALID"].include?(request.body)
+      
+      request.body == "VERIFIED"
+    end
+
+    private
+    
+    # Take the posted data and move the relevant data into a hash
+    def parse(post)
+      @raw = post
+      for line in post.split('&')    
+        key, value = *line.scan( %r{^(\w+)\=(.*)$} ).flatten
+        params[key] = CGI.unescape(value)
+      end
+    end
+
+  end
+end

data/lib/paypal.rb

@@ -0,0 +1,31 @@
+#--
+# Copyright (c) 2005 Tobias Luetke
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#++
+
+require 'cgi'
+require 'net/http'
+require 'net/https'
+require 'active_support'
+
+    
+require File.dirname(__FILE__) + '/notification'
+require File.dirname(__FILE__) + '/helper'

data/test/helper_test.rb

@@ -0,0 +1,197 @@
+$:.unshift(File.dirname(__FILE__) + '/../lib')
+
+require 'test/unit'
+require 'paypal'
+
+require 'rubygems'
+require 'actionpack' rescue LoadError raise(StandardErrror.new("This test needs ActionPack installed as gem to run"))
+require 'action_controller'
+require 'action_view'
+require 'money'
+
+
+# Little hack class which pretends to be a active controller
+class TestController < ActionController::Base
+  allow_forgery_protection
+  include Paypal::Helpers
+  include ActionView::Helpers::TagHelper
+  include ActionView::Helpers::FormHelper
+  include ActionView::Helpers::UrlHelper
+  include ActionView::Helpers::FormTagHelper
+
+  def url_for(options, *parameters_for_method_reference)
+    "http://www.sandbox.paypal.com/cgi-bin/webscr"
+  end
+  
+  # Used for testing paypal_form_start using a block (test_paypal_form_start_with_block)
+  def capture(&block)
+    return yield
+  end
+  
+  # Used for testing paypal_form_start using a block (test_paypal_form_start_with_block)
+  def concat(one, two)
+    return eval("self", two)+one
+  end
+end
+
+class HelperTest < Test::Unit::TestCase
+ 
+  
+  def assert_inputs(options, text)
+    all = text.scan(/name\=\"(\w+)\"/).flatten
+    
+    xor = (options.keys | all) - (options.keys & all)
+    
+    # xor
+    assert_equal [], xor, "options do not match expectations does not have keys #{xor.inspect} only appear in one of both sides in \n\n#{text}"
+
+    text.scan(/name\=\"([^"]+).*?value\=\"([^"]+)/) do |key, value|
+      if options.has_key?(key)
+        assert_equal options[key], value, "key #{key} was '#{options[key]}' and not '#{value}' in \n\n#{text}" 
+      end
+    end
+  end
+   
+  def setup 
+    @helpers = TestController.new
+  end
+
+  def test_paypal_form_start
+    assert_equal %{<form action="http://www.sandbox.paypal.com/cgi-bin/webscr" method="post">}, @helpers.paypal_form_tag
+  end
+
+  def test_paypal_form_start_with_block
+    strTest = "OriginalString"
+    assert_equal %Q(OriginalString<form action="http://www.sandbox.paypal.com/cgi-bin/webscr" method="post">SomeTextHere</form>), 
+    strTest.instance_eval(%Q(TestController.new.paypal_form_tag do
+      "SomeTextHere"
+    end))
+  end
+
+  def test_paypal_setup_with_money
+    actual = @helpers.paypal_setup("100", Money.us_dollar(50000), "bob@bigbusiness.com")    
+    assert_inputs({ "amount" => "500.00",
+                    "business" => "bob@bigbusiness.com",
+                    "charset" => "utf-8",
+                    "cmd" => "_xclick",
+                    "currency_code" => "USD",
+                    "item_name" => "Store purchase",
+                    "item_number" => "100",
+                    "no_note" => "1",
+                    "no_shipping" => "1",
+                    "quantity" => "1"}, actual)
+  end
+
+  def test_paypal_setup_with_money_and_tax
+    actual = @helpers.paypal_setup("100", Money.us_dollar(50000), "bob@bigbusiness.com", :tax => Money.us_dollar(500))    
+    assert_inputs({ "amount" => "500.00",
+    "business" => "bob@bigbusiness.com",
+    "charset" => "utf-8",
+    "cmd" => "_xclick",
+    "currency_code" => "USD",
+    "item_name" => "Store purchase",
+    "item_number" => "100",
+    "no_note" => "1",
+    "no_shipping" => "1",
+    "quantity" => "1",
+    "tax" => "5.00"}, actual)
+  end
+  
+  def test_paypal_setup_with_money_and_invoice
+    actual = @helpers.paypal_setup("100", Money.us_dollar(50000), "bob@bigbusiness.com", :invoice => "Cool invoice!")    
+    assert_inputs({ "amount" => "500.00",
+    "business" => "bob@bigbusiness.com",
+    "charset" => "utf-8",
+    "cmd" => "_xclick",
+    "currency_code" => "USD",
+    "invoice" => "Cool invoice!",
+    "item_name" => "Store purchase",
+    "item_number" => "100",
+    "no_note" => "1",
+    "no_shipping" => "1",
+    "quantity" => "1"}, actual)
+  end  
+
+  def test_paypal_setup_with_money_and_custom
+    actual = @helpers.paypal_setup("100", Money.us_dollar(50000), "bob@bigbusiness.com", :custom => "Custom")    
+    assert_inputs({ "amount" => "500.00",
+    "business" => "bob@bigbusiness.com",
+    "charset" => "utf-8",
+    "cmd" => "_xclick",
+    "currency_code" => "USD",
+    "custom" => "Custom",
+    "item_name" => "Store purchase",
+    "item_number" => "100",
+    "no_note" => "1",
+    "no_shipping" => "1",
+    "quantity" => "1", 
+    }, actual)
+  end  
+  
+  def test_paypal_setup_with_float
+    actual = @helpers.paypal_setup("100", 50.00, "bob@bigbusiness.com", :currency => 'CAD')
+    assert_inputs({ "amount" => "50.00",
+    "business" => "bob@bigbusiness.com",
+    "charset" => "utf-8",
+    "cmd" => "_xclick",
+    "currency_code" => "CAD",
+    "item_name" => "Store purchase",
+    "item_number" => "100",
+    "no_note" => "1",
+    "no_shipping" => "1",
+    "quantity" => "1"}, actual)
+  end
+
+  def test_paypal_setup_with_string
+    actual = @helpers.paypal_setup("100", "50.00", "bob@bigbusiness.com", :currency => 'CAD')
+    assert_inputs({ "amount" => "50.00",
+    "business" => "bob@bigbusiness.com",
+    "charset" => "utf-8",
+    "cmd" => "_xclick",
+    "currency_code" => "CAD",
+    "item_name" => "Store purchase",
+    "item_number" => "100",
+    "no_note" => "1",
+    "no_shipping" => "1",
+    "quantity" => "1"}, actual)
+  end
+    
+  def test_paypal_setup_options
+    actual = @helpers.paypal_setup("100", Money.us_dollar(100), "bob@bigbusiness.com", :item_name => "MegaBob's shop purchase", :return => 'http://www.bigbusiness.com', :cancel_return => 'http://www.bigbusiness.com', :notify_url => 'http://www.bigbusiness.com', :no_shipping => 0, :no_note => 0  )    
+    assert_inputs({ "amount" => "1.00",
+    "business" => "bob@bigbusiness.com",
+    "cancel_return" => "http://www.bigbusiness.com",
+    "charset" => "utf-8",
+    "cmd" => "_xclick",
+    "currency_code" => "USD",
+    "item_name" => "MegaBob's shop purchase",
+    "item_number" => "100",
+    "no_note" => "0",
+    "no_shipping" => "0",
+    "notify_url" => "http://www.bigbusiness.com",
+    "quantity" => "1",
+    "return" => "http://www.bigbusiness.com"}, actual )
+  end    
+
+  def test_paypal_setup_subscription
+    actual = @helpers.paypal_setup("100", Money.us_dollar(2800), "bob@bigbusiness.com", :item_name => "MegaBob's shop purchase", :return => 'http://www.bigbusiness.com', :cancel_return => 'http://www.bigbusiness.com', :notify_url => 'http://www.bigbusiness.com', :no_shipping => 0, :no_note => 0, :subscription => { :recurring => true, :period => :monthly, :retry => true })
+    assert_inputs({ "a3" => "28.00",
+    "business" => "bob@bigbusiness.com",
+    "cancel_return" => "http://www.bigbusiness.com",
+    "charset" => "utf-8",
+    "cmd" => "_ext-enter",
+    "redirect_cmd" => "_xclick-subscriptions",
+    "currency_code" => "USD",
+    "item_name" => "MegaBob's shop purchase",
+    "item_number" => "100",
+    "no_note" => "0",
+    "no_shipping" => "0",
+    "notify_url" => "http://www.bigbusiness.com",
+    "quantity" => "1",
+    "src" => "1",
+    "sra" => "1",
+    "t3" => "M",
+    "return" => "http://www.bigbusiness.com"}, actual )
+  end
+
+end